by rosshemsley 1948 days ago
Whilst I don't totally disagree with many of the points here, I think there's a wider picture to many of these issues.

The author is concerned with installing packages on user machines: which are typically very long-lived installs - maybe a user has the same machine with the same dependencies for years.

However, for many engineers (such as myself), a binary may not be used past even a few days from when it was first compiled - e.g. as part of a service in a quickly, continuously integrated system.

I might even argue that _most_ software is used in this way.

When software is built this way, many of the points in this article are very helpful to keep builds stable and to make deployment fast - and in fact for the case of security, we usually _don't_ want dependencies to auto-update, as we do not want to automatically deploy new code if it has not been audited.

Maybe there's a future where OSs become more like this, where binaries are more short-lived... maybe not. Although I don't think it's strictly fair to label all of these as "Bad" with a capital B :)


The way iOS and Fuchsia are dealing with the problem is to completely lockdown the operating system with a tight permissions system. An app can be compromised but the damage is limited. Perhaps it is time for servers to move to a similar model.
We should call this newly invented and wholly original concept a "container". The software gets "contained". It just might work. /s
You mean cgroups or zones, don't you? Docker was (last time I heard) a security disaster: not generating robust layer hashes, lacking user isolation, and plenty just running as root...
There's more to containers on Linux than just Docker.
To be fair, you need to go to the hypervisor level (like Firecracker) to get any decent level of sandboxing.
For security by isolation, you don't even need containers. Just run each application as its own user.

This is already done by most (all?) daemons packaged in Debian that don't need to be root.

> An app can be compromised but the damage is limited

AKA the "we don't care" security model. What exact use is the fact that the web browser is "contained" if it is compromised? The mail client? Your PIM program? On a server, what use is that the database engine is contained if it is compromised?

I am the first to accept the security benefits of sandboxing, but it is just _one_ thing. It doesn't even help against the majority of issues. Not even on Android/iOS.

Just install all your software from snaps on an Ubuntu system ;) (just kidding, snaps have a whole bunch of issues for server software)